CVE-2021-0318

January 13, 2021

In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-8.1, Android-10, Android-11; Android ID: A-168211968.

Summary:

In appendEventsToCacheLocked of SensorEventConnection.cpp, there is a possible out of bounds write due to a use-after-free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android; Versions: Android-9, Android-8.1, Android-10, Android-11; Android ID: A-168211968.

Reference Links(if available):

  • https://source.android.com/security/bulletin/2021-01-01

  • CVSS Score (if available)

    v2: / HIGH

    v3: /

    Links to Exploits(if available)

  • You may have missed

    image 1

    CVE Alert: CVE-2024-52867

    November 18, 2024
    image 1

    CVE Alert: CVE-2020-25720

    November 18, 2024
    image 1

    CVE Alert: CVE-2023-4639

    November 18, 2024
    image 1

    CVE Alert: CVE-2023-1419

    November 18, 2024
    image 1

    CVE Alert: CVE-2023-43091

    November 18, 2024